Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• The governor of Florida reported October 7 that roughly 600,000
homes across the State were without power due to Hurricane Matthew. – Reuters

1. October 7, Reuters – (Florida) Some 600,000 Florida homes without power due to hurricane: governor. The governor of Florida reported October 7 that roughly 600,000 homes across the State were without power due to Hurricane Matthew and more outages were expected as the storm continues to move north along Florida’s east coast.

• Six U.S. Army soldiers and two civilian co-conspirators were
indicted October 5 for their roles in a more than $1 million scheme where they
stole and sold sensitive U.S. Army equipment from Fort Campbell in
Hopkinsville, Kentucky, to anonymous Internet buyers in Russia, China, and
other countries. – U.S. Department of Justice

14. October 6, U.S. Department of Justice – (International) Six Fort Campbell soldiers and two others charged with stealing and selling sensitive military equipment. Six U.S. Army soldiers and two civilian co-conspirators were indicted October 5 for their roles in a more than $1 million scheme where the group stole sensitive U.S. Army equipment from Fort Campbell in Hopkinsville, Kentucky, and sold it to anonymous Internet buyers in Russia, China, Kazakhstan, and Mexico, among other countries. Source: https://www.justice.gov/opa/pr/six-fort-campbell-soldiers-and-two-others-charged-stealing-and-selling-sensitive-military

• The owner of RASKO, a mall kiosk business, pleaded guilty
October 6 to his role in a $14 million immigration and money laundering scheme
where he and co-conspirators recruited and sent over 140 foreign nationals to
the U.S. to work at one of RASKO’s locations from 2011 – 2016. – U.S.
Attorney’s Office, Eastern District of Virginia

21. October 6, San Francisco Bay City News – (California) Firefighters clean up small radioactive spill that prompted evacuations in Antioch. Around 50 apartment units in about 8 apartment complexes in Antioch, California, were evacuated for roughly 3 hours October 6 after a radioactive material spilled at a construction site when a truck ran over a piece of equipment that contained cesium and americium. No injuries were reported and HAZMAT crews cleaned up the radioactive material. Source: http://www.nbcbayarea.com/news/local/Contra-Costa-Fire-Investigate-Hazmat-Situation-at-Antioch-Construction-Site-396177381.html

Financial Services Sector

5. October 6, U.S. Attorney’s Office, District of Massachusetts – (National) Boston man charged with identity theft in scheme to defraud retirement accounts. A Boston resident was charged October 6 for his role in an identity theft scheme where he and a co-conspirator who worked as a customer service employee at Mercer, Inc. allegedly stole the personal information and bank account numbers from roughly 270 retirement accounts managed by Mercer, Inc. in order to withdraw money from the accounts from February 2014 – April 2014. The charges allege that the stolen retirement account information was used to load a prepaid card with almost $20,000 in illicitly obtained funds, which the defendant used for personal expenses. Source: https://www.justice.gov/usao-ma/pr/boston-man-charged-identity-theft-scheme-defraud-retirement-accounts

6. October 6, U.S. Attorney’s Office, District of Maryland – (Maryland; Washington, D.C.) Federal indictment charges four conspirators in fraudulent credit card scheme. Four individuals were charged October 6 for their roles in a fraudulent credit card scheme where the group allegedly stole the personal information of at least 33 victims in order to apply for and obtain credit cards, which were used to purchase merchandise and gift cards worth more than $135,000 from October 2014 – July 2016. Source: https://www.justice.gov/usao-md/pr/federal-indictment-charges-four-conspirators-fraudulent-credit-card-scheme

Information Technology Sector

15. October 7, SecurityWeek – (International) VMware patches directory traversal flaw in Horizon View. VMware released versions 7.0.1, 6.2.3, and 5.3.7 of its Horizon View products for Microsoft Windows after a security researcher dubbed “Bruk0ut” discovered that the products contained a flaw that could allow a remote attacker to carry out a directory traversal attack on the Horizon View Connection Server and access sensitive information.

16. October 7, SecurityWeek – (International) X.Org library flaws allow privilege escalation, DoS attacks. The X.Org Foundation released patches addressing more than a dozen vulnerabilities in its client libraries, including an out-of-bounds memory read or write flaw in libX11 versions 1.6.3 and earlier, an integer overflow issue on 32-bit systems in libXfixes versions 5.0.2 and earlier, and a denial-of-service (DoS) condition via out-of-bounds memory access or endless loops in XRecord versions 1.2.2 and earlier, among other vulnerabilities. X.Org reported that most of the flaws exist because the client libraries trust the server to send correct protocol data and do not consider that the values could cause an overflow or other issues. Source: http://www.securityweek.com/xorg-library-flaws-allow-privilege-escalation-dos-attacks

17. October 6, SecurityWeek – (International) Cerber ransomware can now kill database processes. Security researchers from BleepingComputer discovered that a new variant of the Cerber ransomware family is able to kill many database processes before the encryption process begins by using a close_process directive in the configuration file, so that it can encrypt the processes’ data files. The researchers also found that Cerber switched to a four-character randomly generated extension and started scrambling the name of the encrypted file, making it more difficult for victims to recover their data. Source: http://www.securityweek.com/cerber-ransomware-can-now-kill-database-processes

For another story, see item 20 below from the Commercial Facilities Sector

20. October 6, Softpedia – (International) FastPOS malware abuses Windows Mailslots to steal POS data. Trend Micro security researchers reported that a point-of-sale (PoS) malware, dubbed FastPOS, received updates and now uses a modular design with separate components, a memory scraper and a keylogger, designed to infect Microsoft Windows computers running 32-bit and 64-bit systems, making the malware more efficient and more difficult to detect. The malware was spotted abusing Mailslots, a Windows mechanism used to store inter-process communications (IPC) in the computer’s random access memory (RAM), in order to avoid creating permanent files.

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"